<!DOCTYPE html>



  


<html class="theme-next gemini use-motion" lang="zh-Hans">
<head>
  <meta charset="UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"/>
<meta name="theme-color" content="#222">









<meta http-equiv="Cache-Control" content="no-transform" />
<meta http-equiv="Cache-Control" content="no-siteapp" />
















  
  
  <link href="/lib/fancybox/source/jquery.fancybox.css?v=2.1.5" rel="stylesheet" type="text/css" />







<link href="/lib/font-awesome/css/font-awesome.min.css?v=4.6.2" rel="stylesheet" type="text/css" />

<link href="/css/main.css?v=5.1.4" rel="stylesheet" type="text/css" />


  <link rel="apple-touch-icon" sizes="180x180" href="/images/apple-touch-icon-next.png?v=5.1.4">


  <link rel="icon" type="image/png" sizes="32x32" href="/images/favicon-32x32-next.png?v=5.1.4">


  <link rel="icon" type="image/png" sizes="16x16" href="/images/favicon-16x16-next.png?v=5.1.4">


  <link rel="mask-icon" href="/images/logo.svg?v=5.1.4" color="#222">





  <meta name="keywords" content="Spring Boot,Spring Security," />










<meta name="description" content="Spring Boot Security原理分析，更加深入理解Security所做的事情">
<meta name="keywords" content="Spring Boot,Spring Security">
<meta property="og:type" content="article">
<meta property="og:title" content="Spring Boot Security分析">
<meta property="og:url" content="http://yoursite.com/2018/12/20/Spring-Boot-Security分析/Spring-Boot-Security分析/index.html">
<meta property="og:site_name" content="程序员乌托邦">
<meta property="og:description" content="Spring Boot Security原理分析，更加深入理解Security所做的事情">
<meta property="og:locale" content="zh-Hans">
<meta property="og:image" content="https://mdsystem.oss-cn-hangzhou.aliyuncs.com/blog/81CD9252-1446-4040-A108-C37319D23ED8.png">
<meta property="og:updated_time" content="2018-12-20T06:52:33.907Z">
<meta name="twitter:card" content="summary">
<meta name="twitter:title" content="Spring Boot Security分析">
<meta name="twitter:description" content="Spring Boot Security原理分析，更加深入理解Security所做的事情">
<meta name="twitter:image" content="https://mdsystem.oss-cn-hangzhou.aliyuncs.com/blog/81CD9252-1446-4040-A108-C37319D23ED8.png">



<script type="text/javascript" id="hexo.configurations">
  var NexT = window.NexT || {};
  var CONFIG = {
    root: '/',
    scheme: 'Gemini',
    version: '5.1.4',
    sidebar: {"position":"left","display":"post","offset":12,"b2t":false,"scrollpercent":false,"onmobile":false},
    fancybox: true,
    tabs: true,
    motion: {"enable":true,"async":false,"transition":{"post_block":"fadeIn","post_header":"slideDownIn","post_body":"slideDownIn","coll_header":"slideLeftIn","sidebar":"slideUpIn"}},
    duoshuo: {
      userId: '0',
      author: '博主'
    },
    algolia: {
      applicationID: '',
      apiKey: '',
      indexName: '',
      hits: {"per_page":10},
      labels: {"input_placeholder":"Search for Posts","hits_empty":"We didn't find any results for the search: ${query}","hits_stats":"${hits} results found in ${time} ms"}
    }
  };
</script>



  <link rel="canonical" href="http://yoursite.com/2018/12/20/Spring-Boot-Security分析/Spring-Boot-Security分析/"/>





  <title>Spring Boot Security分析 | 程序员乌托邦</title>
  








</head>

<body itemscope itemtype="http://schema.org/WebPage" lang="zh-Hans">

  
  
    
  

  <div class="container sidebar-position-left page-post-detail">
    <div class="headband"></div>

    <header id="header" class="header" itemscope itemtype="http://schema.org/WPHeader">
      <div class="header-inner"><div class="site-brand-wrapper">
  <div class="site-meta ">
    

    <div class="custom-logo-site-title">
      <a href="/"  class="brand" rel="start">
        <span class="logo-line-before"><i></i></span>
        <span class="site-title">程序员乌托邦</span>
        <span class="logo-line-after"><i></i></span>
      </a>
    </div>
      
        <p class="site-subtitle"></p>
      
  </div>

  <div class="site-nav-toggle">
    <button>
      <span class="btn-bar"></span>
      <span class="btn-bar"></span>
      <span class="btn-bar"></span>
    </button>
  </div>
</div>

<nav class="site-nav">
  

  
    <ul id="menu" class="menu">
      
        
        <li class="menu-item menu-item-home">
          <a href="/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-home"></i> <br />
            
            首页
          </a>
        </li>
      
        
        <li class="menu-item menu-item-tags">
          <a href="/tags/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-tags"></i> <br />
            
            标签
          </a>
        </li>
      
        
        <li class="menu-item menu-item-categories">
          <a href="/categories/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-th"></i> <br />
            
            分类
          </a>
        </li>
      
        
        <li class="menu-item menu-item-archives">
          <a href="/archives/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-archive"></i> <br />
            
            归档
          </a>
        </li>
      

      
    </ul>
  

  
</nav>



 </div>
    </header>

    <main id="main" class="main">
      <div class="main-inner">
        <div class="content-wrap">
          <div id="content" class="content">
            

  <div id="posts" class="posts-expand">
    

  

  
  
  

  <article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
  
  
  
  <div class="post-block">
    <link itemprop="mainEntityOfPage" href="http://yoursite.com/2018/12/20/Spring-Boot-Security分析/Spring-Boot-Security分析/">

    <span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
      <meta itemprop="name" content="Wolf、Heart">
      <meta itemprop="description" content="">
      <meta itemprop="image" content="/images/avatar.gif">
    </span>

    <span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="程序员乌托邦">
    </span>

    
      <header class="post-header">

        
        
          <h1 class="post-title" itemprop="name headline">Spring Boot Security分析</h1>
        

        <div class="post-meta">
          <span class="post-time">
            
              <span class="post-meta-item-icon">
                <i class="fa fa-calendar-o"></i>
              </span>
              
                <span class="post-meta-item-text">发表于</span>
              
              <time title="创建于" itemprop="dateCreated datePublished" datetime="2018-12-20T14:49:02+08:00">
                2018-12-20
              </time>
            

            

            
          </span>

          
            <span class="post-category" >
            
              <span class="post-meta-divider">|</span>
            
              <span class="post-meta-item-icon">
                <i class="fa fa-folder-o"></i>
              </span>
              
                <span class="post-meta-item-text">分类于</span>
              
              
                <span itemprop="about" itemscope itemtype="http://schema.org/Thing">
                  <a href="/categories/Spring-Boot/" itemprop="url" rel="index">
                    <span itemprop="name">Spring Boot</span>
                  </a>
                </span>

                
                
                  ， 
                
              
                <span itemprop="about" itemscope itemtype="http://schema.org/Thing">
                  <a href="/categories/Spring-Security/" itemprop="url" rel="index">
                    <span itemprop="name">Spring Security</span>
                  </a>
                </span>

                
                
              
            </span>
          

          
            
          

          
          

          

          

          

        </div>
      </header>
    

    
    
    
    <div class="post-body" itemprop="articleBody">

      
      

      
        <h3 id="Spring-Boot-Security原理分析，更加深入理解Security所做的事情"><a href="#Spring-Boot-Security原理分析，更加深入理解Security所做的事情" class="headerlink" title="Spring Boot Security原理分析，更加深入理解Security所做的事情"></a>Spring Boot Security原理分析，更加深入理解Security所做的事情</h3><a id="more"></a>
<h1 id="一、功能"><a href="#一、功能" class="headerlink" title="一、功能"></a>一、功能</h1><p>Spring Boot Security作为一个安全框架，为系统提供安全控制。安全控制涉及到”访问者是谁”和”访问者是否具有访问该请求的权限”</p>
<h1 id="二、安全系统流程"><a href="#二、安全系统流程" class="headerlink" title="二、安全系统流程"></a>二、安全系统流程</h1><p>安全系统设计到权限控制，大致流程如下：</p>
<ol>
<li>用户登录，校验用户账号、密码是否正确</li>
<li>如果账号信息校验通过，则查询用户的权限信息，绑定在当前用户上，如果校验失败给出错误提示信息</li>
<li>判断用户是否具有访问资源的权限</li>
<li>如果有，则允许用户访问，如果没有，拒绝访问</li>
</ol>
<h1 id="三、权限系统设计"><a href="#三、权限系统设计" class="headerlink" title="三、权限系统设计"></a>三、权限系统设计</h1><p>每个系统的用户都拥有对应的系统权限，那么我们该如何来设计权限系统？一般我们不会把权限直接绑定在用户上，这样需要对每个人分配具体的权限，而且很多人的权限都是一样的，这样设计就会很复杂。此时我们会引入角色这样一个概念，用户拥有角色，角色有用权限，那么用户就拥有了权限信息，这样就会显得很简单。</p>
<ol>
<li>设计用户，用户拥有多个角色对象</li>
<li>设计角色，一个角色拥有多个权限信息</li>
<li>设计权限</li>
</ol>
<h1 id="四、安全系统实现"><a href="#四、安全系统实现" class="headerlink" title="四、安全系统实现"></a>四、安全系统实现</h1><p>我们可以自己实现，在登录方法里面校验用户的账号密码信息，校验通过查询用户对应的角色，然后查询出对应的权限信息，绑定在当前用户身上。</p>
<p>然后实现一个拦截器，对所有需要权限的方法进行拦截，在拦截器中判断当前用户是否具有访问当前方法的权限，有则放行，没有则返回没有操作权限的提示信息。</p>
<h1 id="五、基于Security实现安全系统"><a href="#五、基于Security实现安全系统" class="headerlink" title="五、基于Security实现安全系统"></a>五、基于Security实现安全系统</h1><ol>
<li><p>首先我们需要配置那些路径是可以访问，那些必须要登录之后才可以访问的</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br></pre></td><td class="code"><pre><span class="line">@Override</span><br><span class="line">protected void configure(HttpSecurity http) throws Exception &#123;</span><br><span class="line">    http</span><br><span class="line">        .authorizeRequests()</span><br><span class="line">            .antMatchers(&quot;/&quot;)</span><br><span class="line">            .permitAll()</span><br><span class="line">            .anyRequest()</span><br><span class="line">            .authenticated()</span><br><span class="line">            .and()</span><br><span class="line">        .formLogin()</span><br><span class="line">            .loginPage(&quot;/login&quot;)</span><br><span class="line">            .failureUrl(&quot;/login/error&quot;)</span><br><span class="line">            .permitAll()</span><br><span class="line">            .and()</span><br><span class="line">        .logout()</span><br><span class="line">            .permitAll();</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
</li>
<li><p>由于我们使用的表单登录，那么我们在请求需要登录操作的资源的时候就会路由到我们指定的登录界面,如上面配置的/login路径上</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">@Override</span><br><span class="line">public void addViewControllers(ViewControllerRegistry registry) &#123;</span><br><span class="line">    registry.addViewController(&quot;/login&quot;).setViewName(&quot;login&quot;);</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
</li>
<li><p>在登录界面我们会输入账号、密码，点击登录之后就会执行验证操作，之前上文也提到过，我们会在登录方法里面校验账号是否合法，Security框架采用的是基于Servlet的过滤器来实现的，下面我们来看看UsernamePasswordAuthenticationFilter这个类</p>
<ol>
<li><p>属性解释，定义了表单元素name的值</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">   public static final String SPRING_SECURITY_FORM_USERNAME_KEY = &quot;username&quot;;</span><br><span class="line">public static final String SPRING_SECURITY_FORM_PASSWORD_KEY = &quot;password&quot;;</span><br></pre></td></tr></table></figure>
</li>
<li><p>构造，从构造中我们可以看到，该过滤器会拦截/login请求，并且是POST方法，还记得在第二步的时候我们也有一个/login请求，该请求是一个GET请求，跳转登录页面的</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">   public UsernamePasswordAuthenticationFilter() &#123;</span><br><span class="line">	super(new AntPathRequestMatcher(&quot;/login&quot;, &quot;POST&quot;));</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
</li>
<li><p>方法，首先获取表单提交的用户名、密码，然后封装成了UsernamePasswordAuthenticationToken对象，最终调用this.getAuthenticationManager()的authenticate()方法来进行认证</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br></pre></td><td class="code"><pre><span class="line">   public Authentication attemptAuthentication(HttpServletRequest request,</span><br><span class="line">		HttpServletResponse response) throws AuthenticationException &#123;</span><br><span class="line">	if (postOnly &amp;&amp; !request.getMethod().equals(&quot;POST&quot;)) &#123;</span><br><span class="line">		throw new AuthenticationServiceException(</span><br><span class="line">				&quot;Authentication method not supported: &quot; + request.getMethod());</span><br><span class="line">	&#125;</span><br><span class="line"></span><br><span class="line">	String username = obtainUsername(request);</span><br><span class="line">	String password = obtainPassword(request);</span><br><span class="line"></span><br><span class="line">	if (username == null) &#123;</span><br><span class="line">		username = &quot;&quot;;</span><br><span class="line">	&#125;</span><br><span class="line"></span><br><span class="line">	if (password == null) &#123;</span><br><span class="line">		password = &quot;&quot;;</span><br><span class="line">	&#125;</span><br><span class="line"></span><br><span class="line">	username = username.trim();</span><br><span class="line"></span><br><span class="line">	UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(</span><br><span class="line">			username, password);</span><br><span class="line"></span><br><span class="line">	// Allow subclasses to set the &quot;details&quot; property</span><br><span class="line">	setDetails(request, authRequest);</span><br><span class="line"></span><br><span class="line">	return this.getAuthenticationManager().authenticate(authRequest);</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
</li>
</ol>
</li>
<li><p>this.getAuthenticationManager()指的就是AuthenticationManager这个接口，查看其实现我们可以定位到ProviderManager这个类</p>
</li>
<li>ProviderManager分析，改类会调用所有的provider，找到合适的provider来进行校验，result = provider.authenticate(authentication);这个地方我们点进去继续查看</li>
<li>会定位到AbstractUserDetailsAuthenticationProvider#authenticate()，该方法会调用retrieveUser()方法返回一个User对象，retrieveUser()方法点进去查看</li>
<li><p>会定位到DaoAuthenticationProvider#retrieveUser()方法，里面会调用</p>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">UserDetails loadedUser = this.getUserDetailsService().loadUserByUsername(username);</span><br></pre></td></tr></table></figure>
</li>
<li><p>上面可以看到会调用this.getUserDetailsService()的loadUserByUsername()方法，点进去可以看到UserDetailsService是一个接口，查看该接口的实现<br><img src="https://mdsystem.oss-cn-hangzhou.aliyuncs.com/blog/81CD9252-1446-4040-A108-C37319D23ED8.png" alt=""><br>从上图我们可以看到该接口有很多的实现，默认的实现有jdbc的实现还有基于内存用户的实现，来看看我们自定义的实现</p>
</li>
<li>自定义实现<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br></pre></td><td class="code"><pre><span class="line">@Service</span><br><span class="line">public class CustomerUserDetailService implements UserDetailsService &#123;</span><br><span class="line"></span><br><span class="line">    @Autowired</span><br><span class="line">    private UserService userService;</span><br><span class="line"></span><br><span class="line">    @Override</span><br><span class="line">    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException &#123;</span><br><span class="line">        SystemUser user = userService.getSystemByUsername(username);</span><br><span class="line">        if (Objects.isNull(user)) &#123;</span><br><span class="line">            throw new UsernameNotFoundException(username);</span><br><span class="line">        &#125;</span><br><span class="line"></span><br><span class="line">        List&lt;SimpleGrantedAuthority&gt; authorityList = new ArrayList&lt;&gt;();</span><br><span class="line">        for (SystemRole role : user.getRoleList()) &#123;</span><br><span class="line">            for (SystemPermission permission : role.getPermissionList()) &#123;</span><br><span class="line">                authorityList.add(new SimpleGrantedAuthority(permission.getUrl()));</span><br><span class="line">            &#125;</span><br><span class="line">        &#125;</span><br><span class="line">        return new User(username, user.getPassword(), authorityList);</span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
</li>
</ol>
<p>首先检测用户是否存在，如果不存在直接抛出异常，如果存在查询用户的权限信息，然后返回User对象，Security会自动帮我进行密码校验，如果校验失败直接在页面给出”用户或密码错误这样的提示”，如果校验通过则直接访问到目标资源</p>
<ol start="10">
<li>目标资源页面<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br></pre></td><td class="code"><pre><span class="line">&lt;!DOCTYPE html&gt;</span><br><span class="line">&lt;html lang=&quot;en&quot;</span><br><span class="line">      xmlns=&quot;http://www.w3.org/1999/xhtml&quot;</span><br><span class="line">      xmlns:th=&quot;http://www.thymeleaf.org&quot;</span><br><span class="line">      xmlns:sec=&quot;http://www.thymeleaf.org/thymeleaf-extras-springsecurity4&quot;&gt;</span><br><span class="line">    &lt;head&gt;</span><br><span class="line">        &lt;meta charset=&quot;UTF-8&quot;&gt;</span><br><span class="line">        &lt;title&gt;Title&lt;/title&gt;</span><br><span class="line">        &lt;link th:href=&quot;@&#123;/bootstrap.min.css&#125;&quot; rel=&quot;stylesheet&quot;/&gt;</span><br><span class="line">    &lt;/head&gt;</span><br><span class="line">    &lt;body&gt;</span><br><span class="line">        &lt;h1&gt;</span><br><span class="line">            Logged in user: &lt;span sec:authentication=&quot;name&quot;&gt;&lt;/span&gt; |</span><br><span class="line">            Roles: &lt;span sec:authentication=&quot;principal.authorities&quot;&gt;&lt;/span&gt;</span><br><span class="line">        &lt;/h1&gt;</span><br><span class="line">        &lt;button sec:authorize=&quot;hasAuthority(&apos;/books/add&apos;)&quot; class=&quot;btn-primary&quot; th:href=&quot;@&#123;/books/add&#125;&quot;&gt;新增&lt;/button&gt;</span><br><span class="line">        &lt;table class=&quot;table table-striped table-hover table-condensed&quot;&gt;</span><br><span class="line">            &lt;thead&gt;</span><br><span class="line">                &lt;tr&gt;</span><br><span class="line">                    &lt;th&gt;编号&lt;/th&gt;</span><br><span class="line">                    &lt;th&gt;名称&lt;/th&gt;</span><br><span class="line">                    &lt;th&gt;出版时间&lt;/th&gt;</span><br><span class="line">                    &lt;th&gt;操作&lt;/th&gt;</span><br><span class="line">                &lt;/tr&gt;</span><br><span class="line">            &lt;/thead&gt;</span><br><span class="line">            &lt;tbody&gt;</span><br><span class="line">                &lt;tr th:each=&quot;book : $&#123;bookList&#125;&quot;&gt;</span><br><span class="line">                    &lt;td th:text=&quot;$&#123;book.id&#125;&quot;&gt;&lt;/td&gt;</span><br><span class="line">                    &lt;td th:text=&quot;$&#123;book.name&#125;&quot;&gt;&lt;/td&gt;</span><br><span class="line">                    &lt;td th:text=&quot;$&#123;book.publishDate&#125;&quot;&gt;&lt;/td&gt;</span><br><span class="line">                    &lt;td&gt;</span><br><span class="line">                        &lt;a sec:authorize=&quot;hasAuthority(&apos;/books/update&apos;)&quot; th:href=&quot;@&#123;/books/update&#125;&quot;&gt;修改&lt;/a&gt;</span><br><span class="line">                        &lt;a sec:authorize=&quot;hasAuthority(&apos;/books/delete&apos;)&quot; th:href=&quot;@&#123;/books/delete&#125;&quot;&gt;删除&lt;/a&gt;</span><br><span class="line">                    &lt;/td&gt;</span><br><span class="line">                &lt;/tr&gt;</span><br><span class="line">            &lt;/tbody&gt;</span><br><span class="line">        &lt;/table&gt;</span><br><span class="line">    &lt;/body&gt;</span><br><span class="line">&lt;/html&gt;</span><br></pre></td></tr></table></figure>
</li>
</ol>
<p>在页面上我们判断当前用户是否有权限，有才展示响应的操作按钮，如果没有，就不展示。</p>
<p>这样整个认证、授权、权限控制流程就完成了</p>
<h1 id="六、github代码"><a href="#六、github代码" class="headerlink" title="六、github代码"></a>六、github代码</h1><p><a href="https://github.com/a601942905git/boot-example/tree/master/boot-example-security3" target="_blank" rel="noopener">Spring Boot Security实现权限控制</a></p>

      
    </div>
    
    
    

    

    

    

    <footer class="post-footer">
      
        <div class="post-tags">
          
            <a href="/tags/Spring-Boot/" rel="tag"># Spring Boot</a>
          
            <a href="/tags/Spring-Security/" rel="tag"># Spring Security</a>
          
        </div>
      

      
      
      

      
        <div class="post-nav">
          <div class="post-nav-next post-nav-item">
            
              <a href="/2018/12/18/Spring-Boot-Security进阶-二/Spring-Boot-Security进阶-二/" rel="next" title="Spring Boot Security进阶(二)">
                <i class="fa fa-chevron-left"></i> Spring Boot Security进阶(二)
              </a>
            
          </div>

          <span class="post-nav-divider"></span>

          <div class="post-nav-prev post-nav-item">
            
              <a href="/2018/12/21/Spring-Boot-Security源码分析/Spring-Boot-Security源码分析/" rel="prev" title="Spring Boot Security源码分析">
                Spring Boot Security源码分析 <i class="fa fa-chevron-right"></i>
              </a>
            
          </div>
        </div>
      

      
      
    </footer>
  </div>
  
  
  
  </article>



    <div class="post-spread">
      
    </div>
  </div>


          </div>
          


          

  



        </div>
        
          
  
  <div class="sidebar-toggle">
    <div class="sidebar-toggle-line-wrap">
      <span class="sidebar-toggle-line sidebar-toggle-line-first"></span>
      <span class="sidebar-toggle-line sidebar-toggle-line-middle"></span>
      <span class="sidebar-toggle-line sidebar-toggle-line-last"></span>
    </div>
  </div>

  <aside id="sidebar" class="sidebar">
    
    <div class="sidebar-inner">

      

      
        <ul class="sidebar-nav motion-element">
          <li class="sidebar-nav-toc sidebar-nav-active" data-target="post-toc-wrap">
            文章目录
          </li>
          <li class="sidebar-nav-overview" data-target="site-overview-wrap">
            站点概览
          </li>
        </ul>
      

      <section class="site-overview-wrap sidebar-panel">
        <div class="site-overview">
          <div class="site-author motion-element" itemprop="author" itemscope itemtype="http://schema.org/Person">
            
              <p class="site-author-name" itemprop="name">Wolf、Heart</p>
              <p class="site-description motion-element" itemprop="description">主要用于分享平时学习的只是以及遇到的困难，帮助自己以及需要的人一起共同成长</p>
          </div>

          <nav class="site-state motion-element">

            
              <div class="site-state-item site-state-posts">
              
                <a href="/archives/">
              
                  <span class="site-state-item-count">45</span>
                  <span class="site-state-item-name">日志</span>
                </a>
              </div>
            

            
              
              
              <div class="site-state-item site-state-categories">
                <a href="/categories/index.html">
                  <span class="site-state-item-count">14</span>
                  <span class="site-state-item-name">分类</span>
                </a>
              </div>
            

            
              
              
              <div class="site-state-item site-state-tags">
                <a href="/tags/index.html">
                  <span class="site-state-item-count">13</span>
                  <span class="site-state-item-name">标签</span>
                </a>
              </div>
            

          </nav>

          

          

          
          

          
          

          

        </div>
      </section>

      
      <!--noindex-->
        <section class="post-toc-wrap motion-element sidebar-panel sidebar-panel-active">
          <div class="post-toc">

            
              
            

            
              <div class="post-toc-content"><ol class="nav"><li class="nav-item nav-level-3"><a class="nav-link" href="#Spring-Boot-Security原理分析，更加深入理解Security所做的事情"><span class="nav-number">1.</span> <span class="nav-text">Spring Boot Security原理分析，更加深入理解Security所做的事情</span></a></li></ol></li></ol></li><li class="nav-item nav-level-1"><a class="nav-link" href="#一、功能"><span class="nav-number"></span> <span class="nav-text">一、功能</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#二、安全系统流程"><span class="nav-number"></span> <span class="nav-text">二、安全系统流程</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#三、权限系统设计"><span class="nav-number"></span> <span class="nav-text">三、权限系统设计</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#四、安全系统实现"><span class="nav-number"></span> <span class="nav-text">四、安全系统实现</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#五、基于Security实现安全系统"><span class="nav-number"></span> <span class="nav-text">五、基于Security实现安全系统</span></a></li><li class="nav-item nav-level-1"><a class="nav-link" href="#六、github代码"><span class="nav-number"></span> <span class="nav-text">六、github代码</span></a></div>
            

          </div>
        </section>
      <!--/noindex-->
      

      

    </div>
  </aside>


        
      </div>
    </main>

    <footer id="footer" class="footer">
      <div class="footer-inner">
        <div class="copyright">&copy; <span itemprop="copyrightYear">2018</span>
  <span class="with-love">
    <i class="fa fa-user"></i>
  </span>
  <span class="author" itemprop="copyrightHolder">Wolf、Heart</span>

  
</div>


  <div class="powered-by">由 <a class="theme-link" target="_blank" href="https://hexo.io">Hexo</a> 强力驱动</div>



  <span class="post-meta-divider">|</span>



  <div class="theme-info">主题 &mdash; <a class="theme-link" target="_blank" href="https://github.com/iissnan/hexo-theme-next">NexT.Gemini</a> v5.1.4</div>




        







        
      </div>
    </footer>

    
      <div class="back-to-top">
        <i class="fa fa-arrow-up"></i>
        
      </div>
    

    

  </div>

  

<script type="text/javascript">
  if (Object.prototype.toString.call(window.Promise) !== '[object Function]') {
    window.Promise = null;
  }
</script>









  


  











  
  
    <script type="text/javascript" src="/lib/jquery/index.js?v=2.1.3"></script>
  

  
  
    <script type="text/javascript" src="/lib/fastclick/lib/fastclick.min.js?v=1.0.6"></script>
  

  
  
    <script type="text/javascript" src="/lib/jquery_lazyload/jquery.lazyload.js?v=1.9.7"></script>
  

  
  
    <script type="text/javascript" src="/lib/velocity/velocity.min.js?v=1.2.1"></script>
  

  
  
    <script type="text/javascript" src="/lib/velocity/velocity.ui.min.js?v=1.2.1"></script>
  

  
  
    <script type="text/javascript" src="/lib/fancybox/source/jquery.fancybox.pack.js?v=2.1.5"></script>
  

  
  
    <script type="text/javascript" src="/lib/canvas-nest/canvas-nest.min.js"></script>
  


  


  <script type="text/javascript" src="/js/src/utils.js?v=5.1.4"></script>

  <script type="text/javascript" src="/js/src/motion.js?v=5.1.4"></script>



  
  


  <script type="text/javascript" src="/js/src/affix.js?v=5.1.4"></script>

  <script type="text/javascript" src="/js/src/schemes/pisces.js?v=5.1.4"></script>



  
  <script type="text/javascript" src="/js/src/scrollspy.js?v=5.1.4"></script>
<script type="text/javascript" src="/js/src/post-details.js?v=5.1.4"></script>



  


  <script type="text/javascript" src="/js/src/bootstrap.js?v=5.1.4"></script>



  


  




	





  





  












  





  

  

  

  
  

  

  

  

</body>
</html>
